KUBE_CONTROLLER_MANAGER_ARGS="\
    --allocate-node-cidrs=true \
    --bind-address=0.0.0.0 \
    --authentication-kubeconfig=/etc/kubernetes/controller-manager.kubeconfig \
    --authorization-kubeconfig=/etc/kubernetes/controller-manager.kubeconfig \
    --client-ca-file=/etc/kubernetes/pki/ca.pem \
    --cluster-cidr={{ kubernetes.podSubnet }} \
    --service-cluster-ip-range={{ kubernetes.serviceSubnet }} \
    --cluster-name=kubernetes \
    --cluster-signing-cert-file=/etc/kubernetes/pki/ca.pem \
    --cluster-signing-key-file=/etc/kubernetes/pki/ca.key \
    --controllers=*,bootstrapsigner,tokencleaner \
    --deployment-controller-sync-period=30s \
    --horizontal-pod-autoscaler-sync-period=30s \
    --kubeconfig=/etc/kubernetes/controller-manager.kubeconfig \
    --leader-elect=true \
    --port=0 \
    --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.pem \
    --root-ca-file=/etc/kubernetes/pki/ca.pem \
    --service-account-private-key-file=/etc/kubernetes/pki/sa.key \
    --use-service-account-credentials=true \
    --feature-gates=RotateKubeletServerCertificate=true \
    --v=2"
